Category Archives: Windows Server

Hate to say it, but Powershell is cool!

Just to put it out there.
Some history.

BAM!
There was PowerShell. At first, I didn't quite understand its potential and role in the Microsoft product suite. Then came the ‘not-quite-headless’ Windows Server. I was like: oooh, it looks like Microsoft is changing/learning and stripping useless overhead (read: things that can potentially break, need maintenance, cost resources and thus cost money). Up to this point I still didn’t quite understand the PowerShell potential and didn’t bother to look into it.

Then last month a team member needed to install Oracle Fail Safe on a Microsoft 2012 box. He needed to run a PowerShell script to set some things right and the script didn’t quite work. Hating the fact that (as a former Microsoft SE) I was not of any real help, I figured, let's spend some time and start learning PowerShell. It's time I (ex-Windows NT4, 2K, 2K3 guy) get to understand this puppy everybody is revved up on.

In my search for a good learning site I came across the Microsoft Virtual Academy and followed the course. After doing some of the course my conclusion was: PowerShell (V3) is way more cool than I anticipated!

Why?

At first I thought another Linux-shell clone was being created by Microsoft. But don’t let yourself be fooled (like I was at first) by the Linux-looking pipe approach. In the Microsoft implementation it's not text that’s being redirected, it's objects. For those not familiar with objects: instead of sending the unstructured text output of a command, it's sending you the whole thing with structures and methods and everything. This enables you to do the wildest things without losing the oooh so important overview of things, and it makes waaaay more sense.

The simplest way to explain this is by example. For instance, the following command gets the directory (as an object), pipes this object to a select method, then we select specific properties from this object, then output and manipulate (“@{…}”) some of this output while we are at it, because we can. The result: a logical flow of information resulting in the usable and desired form I WANT IT. Did you ever use awk?!

This Object approach makes you wickedly flexible as you can see, formatting, using and manipulating data as you see fit.
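An added example of the kind of pipeline described above (it is not the command from the original post): it lists a folder as objects, selects properties, and adds calculated ones with `@{…}`. The folder name and the three sample files are constructed for the demonstration.

```powershell
# Added example: constructed sample files in a throw-away folder, so the output is predictable.
$demo = Join-Path $env:TEMP ('ps-objects-' + [guid]::NewGuid())
New-Item -ItemType Directory -Path $demo | Out-Null
Set-Content -Path (Join-Path $demo 'report.txt') -Value ('a' * 3000)
Set-Content -Path (Join-Path $demo 'notes.txt')  -Value ('b' * 500)
Set-Content -Path (Join-Path $demo 'backup.log') -Value ('c' * 12000)

# 1) Directory listing as objects: pick properties and add calculated ones with @{...}.
Get-ChildItem -Path $demo -File |
    Select-Object Name,
        @{ Name = 'SizeKB';   Expression = { [math]::Round($_.Length / 1KB, 1) } },
        @{ Name = 'Modified'; Expression = { $_.LastWriteTime.ToString('yyyy-MM-dd HH:mm') } } |
    Sort-Object SizeKB -Descending |
    Format-Table -AutoSize

# 2) The pipeline carries FileInfo objects, not text, so later stages can still
#    group and sum on real properties. No column counting as with awk.
Get-ChildItem -Path $demo -File |
    Group-Object Extension |
    Select-Object @{ Name = 'Extension'; Expression = { $_.Name } },
        Count,
        @{ Name = 'TotalKB'; Expression = { [math]::Round(($_.Group | Measure-Object Length -Sum).Sum / 1KB, 1) } } |
    Sort-Object TotalKB -Descending |
    Format-Table -AutoSize

# 3) The same objects can go to a window instead of the console (needs a desktop session):
# Get-ChildItem -Path $demo -File | Select-Object Name, Length, LastWriteTime | Out-GridView

Remove-Item -Path $demo -Recurse -Force   # clean up the constructed files
```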

Another cool thing is that you are not bound to some server's command-line console. You can output to the console, sure, but there are also several nice, cool options. For example: output a Get-Help article to a window with the -ShowWindow parameter. This enables you to view and search content from a nice scrollable window. Or output the table from the previous statement to a GridView.

If this isn't cool enough yet, there are tons of very cool features that are incorporated into PowerShell. A few of many are: an updateable help system, out-of-the-box remoting to PS sessions on different machines, remoting using sessions locally, importing PS management modules from remote machines (so you don't need to install them over and over again), a PS web application for remote (mobile) management using PowerShell. Yeah, the list goes on.

Sadly all the nice graphical perks still need that blasted explorer.exe process. I guess Microsoft still needs to develop an X alternative for that. Please Microsoft, lose the need for that explorer.exe process and you regain my trust 😉

Wrap-up: no tech is perfect, so my advice: definitely look into the free (yeah, IT'S FREE) getting started training by Microsoft. http://www.microsoftvirtualacademy.com/training-courses/getting-started-with-powershell-3-0-jump-start#?fbid=jzUgaMv9GOI

Now let's go back to my beautifully tweaked and optimized Oracle Enterprise Linux deployment. With awk(ward) GNU text pipes that no one really understands. Without the cool management interface, but still the OS I prefer in my HAHP-backend.

Regards,
Chris

SPF2010 Explorer view, very poor performance?

Did you also install SharePoint Foundation 2010 in conjunction with your Windows Server 2008 server?

Are you also experiencing very slow performance with the explorer view, or the mapped network drive?

Then you might want to turn off “Automatically detect settings” in the LAN Settings section of IE.

Background

I was also experiencing ridiculously slow performance when opening a document library in explorer view. At first I thought it was due to the zone settings, which are used by the Web Client, which is responsible for this connection. After fiddling around with the settings endlessly with no result, reading the (outdated) Microsoft whitepapers for suggestions with no result, and finally experimenting with web folders and WebDAV (not needed for SharePoint explorer view) with no result… it was clearly time for a different approach.

I installed Wireshark to find out what was actually happening on the line, and this is what I found. After clicking the “view in explorer” link, the following happens on the line:

The yellow lines you see between the “actual” traffic are so-called “WPAD” queries. WPAD stands for “Web Proxy Automatic Detection”. In the screen you can clearly see that the web client is trying to auto-detect the proxy settings prior to actually connecting. The time this action consumes is equal to the wait time the user is experiencing.

After disabling this feature in IE > Internet Options > Connections > LAN Settings > Automatically detect settings, opening the document library is instant.

After I disabled this setting, the LAN behavior looked like this:

Some tips.

You don't need to install the IIS WebDAV in order to use explorer view. SPF implements its own version of WebDAV for this functionality.
“Many people are under the misconception that SharePoint uses the WebDAV functionality provided by IIS 6.0. Actually, SharePoint provides its own WebDAV implementation using the Stsfilt.dll ISAPI filter that is installed with both Windows SharePoint Services and SharePoint Portal Server” (Understanding and troubleshooting Sharepoint Explorer view.doc, Steve Sheppard, 2006)

Explorer view is offered through the Web Client Service. It's useful to understand its dependencies (zones, proxy, and other settings).

(src:troubleshooting SharePoint explorer view.doc, annotations by myself)

Useful sources:

Any other useful tips?

Optimize Windows Server TCP/IP settings

When you are installing Windows Server 2003 from the box, you should always realize that the TCP settings used might not be optimal for the network environment in which the server was installed. The default settings used by Windows are optimized by the Windows OS and will ensure a stable and sure data flow, but in some cases these settings can be optimized using a series of registry settings.

Certificates, what to know…

Certificates are a tough and complex world to be in.

Here are the main things to remember when renewing old certificates, or requesting new ones 🙂

• CA is short for “Certificate Authority” and is usually a party that ‘signs’ certificates on behalf of the requester. Because someone other than the party hosting a site signed the certificate, it is assumed that dualism applies.
• CSR is short for “Certificate Signing Request” and contains the hash needed by any CA to create a “signed” certificate.
• Private Key is the server key portion of the certificate that enables the server to “decrypt” traffic generated by a remote client using the provided certificate. This part of the certificate should always be kept safe, and should never be exchanged with any 3rd party. He who has the private key can assume the identity of the server/service to which the certificate applies.
• Public Key is the client key portion of the certificate that allows a client to decrypt the traffic that is generated by the remote server. This key is exchanged encrypted using the certificate during connection time, and because only the server holds the server portion of the private key, it is the only one in the world that can theoretically decode this traffic containing the key.
• The certificate's CN (Common Name) should always comply with the URL used by the visiting client, i.e. for google the CN would be http://www.google.com.
• The certificate's O (Organization) should match the company listed in the whois that is performed on the domain name, i.e. for google it would be “Google Inc.” http://www.whois.net/whois/google.com
• When you want to use the certificates for mobile devices, a special certificate should be used. Check ssl.nu for more information.
• SAN is short for “Subject Alternative Name”, not to be mistaken with “Storage Active Network”; it is a special certificate that allows for multiple CNs (multiple sites), http://www.digicert.com/subject-alternative-name.htm, also used in a number of Microsoft products.
• If you have an option on this point, don't use certificates that use the MD5 cryptographic hash. These are considered to be weak, and might be blocked by future browsers as being insecure. Weaknesses allow hackers to create a ‘valid’ certificate and steal the identity of your site by applying it. (Tough read, for the wiz-kids: http://www.win.tue.nl/hashclash/rogue-ca/)

This might also be useful: a CSR checker that will also perform a few checks to make sure all the info inside the CSR adds up.
https://www.networking4all.com/en/support/tools/csr+check/
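To apply the checklist above to certificates that are already installed, the following added example (not from the original post) reports CN, O, SAN, signature hash, private key presence and remaining lifetime for each certificate in a store. The function name `Get-CertChecklist`, the default store path and the 30-day warning window are assumptions made for the example; the script only reads the store.

```powershell
# Added example, not from the original post: read-only report on a certificate store.
function Get-CertChecklist {
    param(
        [string]$StorePath = 'Cert:\LocalMachine\My',  # assumption: where the server certs live
        [int]$WarnDays = 30                            # assumption: renewal warning window
    )
    $sanOid = '2.5.29.17'   # OID of the Subject Alternative Name extension
    Get-ChildItem -Path $StorePath | ForEach-Object {
        $cert = $_
        $san  = $cert.Extensions | Where-Object { $_.Oid.Value -eq $sanOid }
        # Pull the O= component out of the subject string, quoted or unquoted.
        $org  = if ($cert.Subject -match '(?:^|,\s*)O=("[^"]+"|[^,]+)') { $Matches[1] } else { '' }
        $days = [int]($cert.NotAfter - (Get-Date)).TotalDays
        [pscustomobject]@{
            CN            = $cert.GetNameInfo('SimpleName', $false)
            Organization  = $org
            SAN           = if ($san) { $san.Format($false) } else { '' }
            SignatureAlg  = $cert.SignatureAlgorithm.FriendlyName
            Md5Signed     = $cert.SignatureAlgorithm.FriendlyName -match 'md5'
            HasPrivateKey = $cert.HasPrivateKey
            DaysLeft      = $days
            RenewSoon     = $days -le $WarnDays
        }
    }
}

# Everything in the store, soonest expiry first.
Get-CertChecklist | Sort-Object DaysLeft |
    Format-Table CN, SignatureAlg, HasPrivateKey, DaysLeft -AutoSize

# Only the entries the checklist warns about: MD5-signed or due for renewal.
Get-CertChecklist | Where-Object { $_.Md5Signed -or $_.RenewSoon } | Format-List
```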

peimg.exe missing? here is how to fix it :)

Facts.

peimg is not being used anymore in the WAIK for Windows 7. Instead you need to use the dism command. Because the help is hidden pretty well, here is the help you are probably looking for 🙂

To get all the available options on the “offline” wim image provided by dism you need to run the following.


# Mount the image as usual (use the WAIK command line from the Start menu)

imagex /mountrw C:\path\to\image.wim {1/2}* C:\path\to\mount-dir\

*There can be multiple images in a wim image, for boot.wim these are 1 = Microsoft Windows PE, 2= Microsoft Windows Setup. The 1 or 2 in the given command selects the required image.

#To get all the dism options type the following;
dism /image:C:\path\to\mount-dir /?



Keep in mind that sub-options have their own help menus. For example, adding additional drivers has its own help instructions that are accessible by calling;

dism /image:c:\path\to\mounted\image /add-driver /?


All the base options provided by dism

Image Version: 6.1.7600.16385

The following commands may be used to service the image:

UNATTEND SERVICING COMMANDS:
/Apply-Unattend - Applies an unattend file to an image.

DRIVER SERVICING COMMANDS:
/Remove-Driver - Removes driver packages from an offline image.
/Get-DriverInfo - Displays information about a specific driver
in an offline image or a running operating system.
/Get-Drivers - Displays information about all drivers in
an offline image or a running operating system.

WINDOWS PE COMMANDS:
/Apply-Profiles - Applies profiles to the Windows PE image.
/Disable-Profiling - Disables profiling.
/Enable-Profiling - Enables profiling.
/Get-PESettings - Displays Windows PE image information.
/Get-Profiling - Gets the enabled/disabled state of the Windows PE
profiler.
/Get-ScratchSpace - Gets the configured amount of Windows PE system
volume scratch space.
/Get-TargetPath - Gets the target path of the Windows PE image.
/Set-ScratchSpace - Sets the scratch space of the Windows PE image.
/Set-TargetPath - Sets the target path of the Windows PE image.

INTERNATIONAL SERVICING COMMANDS:
/Set-LayeredDriver - Sets keyboard layered driver.
/Set-UILang - Sets the default system UI language that is used
in the mounted offline image.
/Set-UILangFallback - Sets the fallback default language for the system
UI in the mounted offline image.
/Set-UserLocale - Sets the user locale in the mounted offline image.
/Set-SysLocale - Sets the language for non-Unicode programs (also
called system locale) and font settings in the
mounted offline image.
/Set-InputLocale - Sets the input locales and keyboard layouts to
use in the mounted offline image.
/Set-TimeZone - Sets the default time zone in the mounted offline
image.
/Set-AllIntl - Sets all international settings in the mounted
offline image.
/Set-SKUIntlDefaults - Sets all international settings to the default
values for the specified SKU language in the
mounted offline image.
/Gen-LangIni - Generates a new lang.ini file.
/Set-SetupUILang - Defines the default language that will be used
by setup.
/Get-Intl - Displays information about the international
settings and languages.

PACKAGE SERVICING COMMANDS:
/Remove-Package - Removes packages from the image.
/Enable-Feature - Enables a specific feature in the image.
/Disable-Feature - Disables a specific feature in the image.
/Get-Packages - Displays information about all packages in
the image.
/Get-PackageInfo - Displays information about a specific package.
/Get-Features - Displays information about all features in
a package.
/Get-FeatureInfo - Displays information about a specific feature.
/Cleanup-Image - Performs cleanup and recovery operations on the
image.

specify a command immediately before /?.

Examples:
DISM.exe /Image:C:\test\offline /Apply-Unattend /?
DISM.exe /Image:C:\test\offline /Get-Features /?
DISM.exe /Online /Get-Drivers /?


Alter Send / Receive quotas on exchange 2007

Using MaxReceiveSize and MaxSendSize you are able to limit the message size that is allowed to be transported. You generally want to do this to block huge (in the SMTP world) messages. These huge messages (when received and sent) might require a huge amount of system resources, slowing down the overall performance or even making the Outlook client go unresponsive.

An exchange administrator is able to alter these limits which are by default;
Exchange 2007 RTM (out of the box media)
send : Unlimited
maxRecipientEnvelopeLimit : Unlimited

Exchange 2007 SP1
send : 10MB
maxRecipientEnvelopeLimit : 5000

Using the Exchange Management Powershell console you may use the following commands to alter these limits.
View the actual limits.

Get-TransportConfig


Alter the limits

Set-TransportConfig -MaxReceiveSize 20MB
Set-TransportConfig -MaxSendSize 20MB


If you want the full documentation please review the following Microsoft Documentation…
http://technet.microsoft.com/en-us/library/bb124345(EXCHG.80).aspx

Rgrds,

SUSE

#Replace the eth0 in ifroute-# with the actual interface in your box.
vim /etc/sysconfig/network/ifroute-eth0

#Add the following rule with this structure
10.0.0.2 100.0.0.1 255.255.255.255 eth0

#Save the file


RHEL/ OEL

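#Replace the eth0 in route-# with the actual interface in your box.
vim /etc/sysconfig/network-scripts/route-eth0

#Add the route information like so (same host route as in the SUSE and Windows examples);
ADDRESS0=10.0.0.2
NETMASK0=255.255.255.255
GATEWAY0=100.0.0.1

#A second route uses index 1 (ADDRESS1, NETMASK1, GATEWAY1)
GATEWAY1=gw.gw.gw.gw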

#Save the file


WINDOWS

route -p add 10.0.0.2 mask 255.255.255.255 100.0.0.1 metric 1

# Stored in
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes


OEL5.3

Shared : Always redirect to root script.

This script is intended to redirect people back to the root application when manually browsing to hidden application folders. i.e.
/inc/ should never show an index, so we install an index.html / index.php. This script will redirect people back to ./ no matter what the path.

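<?php
// No matter where you are, always redirect back to root
$r = '';
$d = count(explode('/', dirname($_SERVER['SCRIPT_NAME']))) - 1;   // directory depth below the web root
for ($l = 1; $l <= $d; $l++) { $r .= '../'; }                     // one '../' per level
header('Location: ' . $r);                                        // send the relative redirect
exit;
?>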


Memo : Windows Server 2008 Core Commands

Well, if I ever need to do something like setting an IP on a Windows Server 2008 Core machine, this is where I can find the manuals.

http://technet.microsoft.com/en-us/library/cc753802.aspx

Nice product for a stub location though 😀

Memo : Change OWA 2003 accepted signature, file types, mime types etc…

Just a little reminder for me: there is a collection of registry keys in Exchange 2003 server that enables you to administer various OWA settings. One of the most annoying is the signature length, which keeps people from setting the correct signature using the web-admin.

This is the path in the windows registry to alter these.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeWEB\OWA]

Level1FileTypes       >    String
Level1MIMETypes       >    String
Level2FileTypes       >    String
Level2MIMETypes       >    String
UseRegionalCharset    >    Dword    ( 1 / 0 )
DisablePassword       >    Dword    ( 1 / 0 )
KnownContentTypes     >    String
SignatureMaxLength    >    Dword

ALWAYS BACKUP YOUR REGISTRY KEYS BEFORE ALTERING THEM! USE THE REGEDIT EXPORT FUNCTION TO DO SO!

About the Levels the following is documented..

There are two levels of attachment security. Access to Level 1 files is blocked and can’t be changed. When you receive an attachment with a Level 2 file type, you will be prompted to save the file to your hard disk. If you use Microsoft Exchange Server, your system administrator can add and remove file types for both levels of e-mail security. If a file type is added to both levels, it will be treated as a Level 1 file type
http://office.microsoft.com/en-us/outlook/HP030850041033.aspx

When altering SignatureMaxLength, keep the following in mind:
The default SignatureMaxLength value is 4096 (4KB) and the maximum value is 16672 (16KB),
as documented here: http://forums.msexchange.org/Signature_Size_on_OWA/m_170055600/tm.htm
I didn't find the Microsoft documentation as of yet.